Hi everyone, first time ever using mailing lists. Please let me know if I'm doing something wrong.
I'd like to run a middle relay. I'm using Linux Mint 19.
The question: can I set up a relay through a VPN (NordVPN)? Or if I want a relay, do I have to stop using the VPN? Thank you for your help.
On 11/27/2018 02:18 PM, deadcow@tuta.io wrote:
> Hi everyone, first time ever using mailing lists. Please let me know if something I'm doing wrong.
> I'd like to run a middle relay. I'm using Linux mint 19
> The question. Can i set up relay through VPN? (nordvpn) Or if i want relay i have to stop using vpn? Thank you for help
I love VPNs, but running a Tor relay through one is a _bad_ idea. It introduces latency. And there are also security issues.
It's easy with OpenVPN in Linux to create routing exceptions. So Tor could connect directly, bypassing the VPN tunnel. But everything else would still use the VPN.
_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
11:18 PM, deadcow@tuta.io wrote:
> Hi everyone, first time ever using mailing lists. Please let me know if something I'm doing wrong.
> I'd like to run a middle relay. I'm using Linux mint 19
> The question. Can i set up relay through VPN? (nordvpn) Or if i want relay i have to stop using vpn? Thank you for help
Hello,
Thanks for your interest in running a relay.
You say you want to run a middle relay, why do you want to run it behind a VPN in this case? Middle relays get no abuse complaints or anything as they can not be used as exit points. Maybe you can explain to us why you think you need to run your middle relay behind a VPN, do you have a particular reason? Because for Tor running a relay behind a VPN is not a + on security or privacy at all, instead it just complicates things.
Secondly, if you have a justified reason to still want to use a VPN on a middle relay, here are some things you need to take into consideration as well as disadvantages:
- you will have higher latency;
- the bandwidth of your relay will be of the speed of the VPN itself, and shared VPN usually are slow for high grade server connections that run 24x7 with constant bandwidth usage;
- when the VPN tunnel will fail, due to an endpoint problem or internet connectivity problem or route to destination problem, etc., the relay will update its descriptor with the real IP address instead of the VPN address, and when the VPN tunnel connects again change again and so on until clients will be confused. One way around this is for you to specify 'Address' in torrc and bind to explicit <address>:<port>.
- you don't need just any VPN, you need a VPN with a public and static IP address, so that you can actually open ports on that IP address applications can bind and listen to certain ports. A normal shared VPN that just changes the IP address for browsing is not sufficient, because that does not assign a public static IP address directly.
There are VPN services out there that offer public and static IP addresses, but they are more expensive.
- you should tell the VPN provider that you plan to use the maximum available bandwidth 24x7, because all say it's unlimited because they think "nobody will use that much", but when running Tor relays this is not true.
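One way to check a torrc for the pinning described in the message above (set 'Address' and bind the ORPort to an explicit <address>:<port>), as an added example that is not part of the original thread. The function names, file names and the address 203.0.113.10 are constructed for illustration; `Address` and `ORPort` are the torrc options the message refers to.

```shell
#!/bin/sh
# Added example (not from the thread): lint a torrc for the descriptor-flapping
# risk described above. Function and file names are hypothetical.

# Returns 0 only if Address is set and every ORPort names an explicit address.
check_relay_pinning() {  # $1 = path to torrc
    awk '
        { sub(/#.*/, "") }                          # drop torrc comments
        tolower($1) == "address" && $2 != "" { addr = $2 }
        tolower($1) == "orport" {
            n++
            # "9001" has no address part; "0.0.0.0:9001" is a wildcard bind
            if ($2 !~ /:[0-9]+$/ || $2 ~ /^0\.0\.0\.0:/) unbound++
        }
        END {
            if (addr == "") { print "Address not set: tor guesses it"; bad = 1 }
            if (n == 0)     { print "no ORPort line found"; bad = 1 }
            if (unbound)    { print unbound " ORPort line(s) lack an explicit address"; bad = 1 }
            if (!bad) print "pinned to " addr
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample configs; 203.0.113.10 stands in for the VPN's static IP.
write_samples() {  # $1 = directory to write into
    cat > "$1/floating.torrc" <<'EOF'
Nickname exampleRelay
ORPort 9001
ExitRelay 0
EOF
    cat > "$1/pinned.torrc" <<'EOF'
Nickname exampleRelay
Address 203.0.113.10       # static public address of the VPN endpoint
ORPort 203.0.113.10:9001   # explicit <address>:<port>
ExitRelay 0
EOF
}

dir=$(mktemp -d)
write_samples "$dir"
for f in "$dir"/floating.torrc "$dir"/pinned.torrc; do
    echo "== ${f##*/}"
    check_relay_pinning "$f" || echo "-> not pinned"
done
rm -rf "$dir"
```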
On Wed, Nov 28, 2018 at 02:23:38PM +0200, s7r wrote:
> as well as disadvantages:
> - you will have higher latency;
> - the bandwidth of your relay will be of the speed of the VPN itself,
> and shared VPN usually are slow for high grade server connections that run 24x7 with constant bandwidth usage;
Another disadvantage to consider: if you run your relay via a VPN, then you are expanding the surface area of who around the internet gets to see the Tor traffic flowing through your relay. It's encrypted, yes, but encryption doesn't hide traffic characteristics like timing and volume.
So it's not just a performance issue, it's also a security issue. The farther away from your relay the VPN is, the more the traffic is traversing parts of the network it doesn't really need to, and the more appealing it becomes to instead "just run a relay where the VPN is".
--Roger
Hi,
Just one clarification:
On 28 Nov 2018, at 22:23, s7r <s7r@sky-ip.org> wrote:
> You say you want to run a middle relay, why do you want to run it behind a VPN in this case? Middle relays get no abuse complaints or anything as they can not be used as exit points.
Occasionally, clients will ask middle relays to connect to another server as if it was a relay. We don't know why this happens: it could be a custom Tor client bug. It's a pretty useless attack, because it's slow, and it provides very little information about the server.
It's very unlikely you will get an abuse notice from activity like this.
T